Improper Privilege Management
In BIG-IP versions 15.1.0-126.96.36.199 and 15.0.0-188.8.131.52 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory.
CWE-269 - Improper Privilege Management
An effective privilege management infrastructure provides valid users with required access and privileges across heterogeneous technology environments. An application with a faulty privilege management infrastructure allows higher than authorized privileges or enables privilege escalation. This can lead to security incidents such as system infiltration, data breach, and complete system takeover.